How to import/convert an existing .inf template into the SCM .cab format

  • Question

  • I really like Security Compliance Manager (SCM) and the effort of MS to convert their security configuration guides into the SCM .cab format. However, I am having difficulty with converting/importing existing MMC > Security Templates that are in .inf format into the SCM tool. The only option for importing third party baselines is in .cab format.

    Has anyone figured out how to import/convert an existing .inf template into the SCM .cab format?



    Friday, April 23, 2010 6:37 PM


All replies

  • I've quoted a team-mate to answer this question.


    “Importing a security template INF file into SCM is not currently supported. We are working on new functionality that will enable the tool to support importing GPO backups (which include INF files) and DCM packs. Until that functionality is made available, updating or modifying an existing baseline with the contents of an INF file is strictly a manual process best accomplished thru the SCM UI.”




    Jeffrey M (MSFT)

    Friday, April 30, 2010 7:58 PM
  • Hi Richard, importing INF into SCM is not supported in this release. We are discussing importing GPOs, which include INF templates. Would you mind participating in the requirements conversation for this support?


    Michael Tan

    Dev lead

    Security Compliance Manager

    Monday, May 3, 2010 4:43 PM
  • Hello,

    We are doing a GPO audit of a large organization with over 400 servers.  I love the SCM tool, but there seems to be no way to import the current server baselines from a 2003 domain and then compare them to the Microsoft Baselines in SCM.  I understand that using the new GPMC in RSAT I can import and export CAB files from the Starter GPO section; however, there is no way to take existing 2003 policies and convert them to a cab file that can be imported into SCM.

    A really good option in SCM would be the ability to point to a 2003+ server in the domain from the SCM console, and extract the baselines remotely.  Using this method, the queries could be stored in the SCM database, and then rerun as required to perform yearly audits.  Additionally, the queries could be exported and saved on a per-client basis for companies like mine to do yearly audits without reinventing the whole process each time.  I understand that DCM can do this, but not every client has SCCM installed, and doing so just for this functionality may be overkill.

    So the question is: how can I best use SCM to audit and configure baselines for a 2003 domain?

    Phil de greve

    Thursday, May 6, 2010 7:16 PM
  •  Thank you

    This work by panzio is licensed under a Creative Commons Attribution 3.0 United States License

    Need Help
    • Proposed as answer by TM-naiman Friday, May 7, 2010 12:12 AM
    Friday, May 7, 2010 12:12 AM
  • Maybe I missed something, but if you can't import your own baseline as an .inf and you can't create a custom baseline in the .cab format, how are you supposed to use this tool?  Is it even possible to use SCM in an "offline" fashion, i.e. disconnected from the Internet?

    Wednesday, May 12, 2010 8:08 PM
  • I'm with you, LA Richards.  I'm a huge fan of this tool so far.  The only problem I am having is that the baselines for Server 2008 do not follow the CIS recommendations for security, which my company is using as a guideline.  How can we get a baseline that has all the Group Policy objects in it so I can use and hide what we aren't going to use?

    Thursday, May 13, 2010 4:04 PM
  • I have to say I agree. I installed this not 10 mins ago and thought 'wow this looks great'.  Then I went around looking for how I would import our current custom security baselines into the system to compare and found this out.  Unfortunately it's become another great example of MS software missing basic functionality required to be actually useful.  Please hurry up with an update.
    Tuesday, June 8, 2010 12:28 PM
  • Is there any timeline or estimated guess if/when this function might be made available in the SCM tool? OR do I have to move everything into another toolset or vendor solution in order to compare .inf and SCM .cab files?

    This continues to be an issue. We are government compliant and have to apply and be audited to DISA STIGs. Their web site delivers the standard as .inf files.

    I like the SCM concept, but I need to be able to import the applicable .inf files and compare the baselines.

    ---- Example ----

    The STIGs and the NSA Guides are the configuration standards for DoD IA and IA-enabled devices/systems. Developed by DISA for the DoD.


    The Windows 2008 Security Technical Implementation Guide (STIG) is published as a tool to improve the security of Department of Defense (DoD) information systems.  The requirements were developed from Federal and DoD consensus, as well as the Windows 2008 Security Guide and security templates published by Microsoft Corporation.  The vulnerabilities discussed in this document are applicable to Windows 2008 (all versions).

    Example for WinSrv08 compliance, the download zip contains:

    This document is meant for use in conjunction with other applicable STIGs and Checklists such as Directory Services, Web, DNS, Database, Secure Remote Computing, and Desktop Applications.

    Each of the above have their own .inf files for compliance. This means I need a way to load the SCM.cab vendor best practice, platform OS .inf, and application .inf files all into SCM to compare the layered results. This might also include current production .inf and NSA/NIST .inf files.  

    Wednesday, June 9, 2010 6:01 PM
  • Hi friends,

    SCM seems to be a wonderful tool; however, until we can convert an INF file into a CAB one or something like that, this tool won't be as useful as it could be.

    I wish you could add this feature soon.


    Friday, August 20, 2010 6:39 PM
  • Hi all,

    Well it's with no little disgust or disappointment that I've come across this thread in Mar 2011 and still MS have not released an updated SCM with the functionality that we require!

    Like most of the other posters on here I actually do like the tool and can see it saving time and making certain tasks a breeze, but can't help wondering why they didn't include the ability to import an existing GPO back-up into the tool to compare against the available baselines???

    Please please give us some REAL indication of when we can expect the V2 of SCM which has reviews out there on the holy grail functionality of being able to import an existing GPO for comparison...these self-same reviews make mention that it was imminent "any day soon" and were written back in Feb!

    • Proposed as answer by nagwu Thursday, October 10, 2013 5:55 PM
    Thursday, March 10, 2011 1:54 PM
  • Fixed. Sorry about the wait and the lack of communication! My fault - send your flame mails my way - I can take it! :)



    Thursday, March 10, 2011 10:08 PM
  • Hello,

    I use SCM 3.0. I downloaded the STIG for Windows 2008 R2, which is u_windows_2008_r2_v1r12_stig.zip file. Upon extracting I get several files with pdf, zip, txt etc. I am interested in using the Domain policies. I have a Templates - 2008R2 folder which has a sceregvl.inf, U_FSO_2008_R2_DC_Analyze_only_V1R12.inf, U_FSO_2008_R2_MS_Analyze_only_V1R12.inf and a readme file.

    Does SCM 3.0 allow me to import the inf file so that I could export it as a GPO pack to be loaded into AD?

    Any help on how to accomplish this will be highly appreciated, as DISA and the forum are pretty thin on explaining how to get the policies loaded into group policy....


    TIA TP

    Thursday, August 21, 2014 2:55 PM
  • Jeff,

    We are using SCM version 3.0. I downloaded the DISA STIGs for Windows 2008R2, which is a compressed file. Upon extracting, it presents with subfolders, and I am interested in the Active Directory domain policies. This folder has an XML, XSL and a jpeg. I need to import this into SCM or somehow create a .cab file to get the policies loaded to AD. Can you shed some light on how to accomplish this?


    TIA TP

    Friday, August 22, 2014 1:52 AM
  • One more bump...

    Importing INF templates would really be THE step forward.


    Tuesday, August 26, 2014 1:31 PM